from django.conf import settings
from rest_framework import serializers
from rest_framework import HTTP_HEADER_ENCODING
from rest_framework_simplejwt.authentication import JWTAuthentication
from rest_framework_simplejwt.settings import api_settings
from rest_framework_simplejwt.tokens import RefreshToken

# from mysqldb.models import AdminUserbaseList, StaffUserbaseList
from mysqldb.models import PayAdminUserList


def get_tokens_for_user(user):
    """创建Token"""
    refresh = RefreshToken.for_user(user)
    return refresh


class AdminJWTAuthentication(JWTAuthentication):
    """自定义身份验证- 后台管理员"""

    idx = 1

    def get_raw_header(self, header):
        parts = header.split()
        if len(parts) == 0:
            return None
        return parts[0]

    def authenticate(self, request):
        header = self.get_header(request)
        if header is None:
            return None

        raw_token = self.get_raw_token(header)
        if raw_token is None:
            return None

        # 验证登录类型
        raw_header = self.get_raw_header(header)
        if raw_header is None or raw_header != "Aearer".encode():
            return None

        validated_token = self.get_validated_token(raw_token)

        return self.get_user(validated_token), validated_token

    def get_user(self, validated_token):
        self.user_model = PayAdminUserList
        try:
            user_id = validated_token[api_settings.USER_ID_CLAIM]
        except BaseException as err:
            raise serializers.NotAuthenticated(
                "令牌不包含可识别的用户标识", code="not_authenticated"
            )

        try:
            user = self.user_model.objects.get(**{api_settings.USER_ID_FIELD: user_id})
        except BaseException as err:
            raise serializers.AuthenticationFailed("身份认证:用户不存在", code="user_not_found")

        if user.is_super:
            return user  # 超级管理员
        if not user.status:
            raise serializers.AuthenticationFailed("用户已锁定", code="user_inactive")  # 被禁用

        return user


# class UsersJWTAuthentication(JWTAuthentication):
#     """自定义身份验证- 前端用户组"""

#     idx = 2

#     def get_raw_header(self, header):
#         parts = header.split()
#         if len(parts) == 0:
#             return None
#         return parts[0]

#     def authenticate(self, request):
#         header = self.get_header(request)
#         if header is None:
#             return None

#         raw_token = self.get_raw_token(header)
#         if raw_token is None:
#             return None

#         # 验证登录类型
#         raw_header = self.get_raw_header(header)
#         if raw_header is None or raw_header != "Bearer".encode():
#             return None

#         validated_token = self.get_validated_token(raw_token)

#         return self.get_user(validated_token), validated_token

#     def get_user(self, validated_token):
#         self.user_model = StaffUserbaseList
#         try:
#             user_id = validated_token[api_settings.USER_ID_CLAIM]
#         except BaseException as err:
#             raise serializers.NotAuthenticated("令牌不包含可识别的用户标识", code="not_authenticated")

#         try:
#             user = self.user_model.objects.get(**{api_settings.USER_ID_FIELD: user_id})
#         except BaseException as err:
#             raise serializers.AuthenticationFailed("身份认证:用户不存在", code="user_not_found")

#         if not user.status:
#             raise serializers.AuthenticationFailed("用户已锁定", code="user_inactive")  # 被禁用

#         return user
